OpenStack TripleO Heat Templates

CPE Details

OpenStack TripleO Heat Templates
openstack
tripleo_heat_templates
-
2016-06-09
11h07 +00:00
2016-06-09
11h07 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:openstack:tripleo_heat_templates:-:*:*:*:*:*:*:*

Informations

Vendor

openstack

Product

tripleo_heat_templates

Version

-

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2021-3585 2022-08-26 13h25 +00:00 A flaw was found in openstack-tripleo-heat-templates. Plain passwords from RHSM exist in the logs during OSP13 deployment with subscription-manager.
5.5
Moyen
CVE-2021-4180 2022-03-23 18h46 +00:00 An information exposure flaw in openstack-tripleo-heat-templates allows an external user to discover the internal IP or hostname. An attacker could exploit this by checking the www_authenticate_uri parameter (which is visible to all end users) in configuration files. This would give sensitive information which may aid in additional system exploitation. This flaw affects openstack-tripleo-heat-templates versions prior to 11.6.1.
4.3
Moyen
CVE-2018-10898 2018-07-30 14h00 +00:00 A vulnerability was found in openstack-tripleo-heat-templates before version 8.0.2-40. When deployed using Director using default configuration, Opendaylight in RHOSP13 is configured with easily guessable default credentials.
8.8
Haute
CVE-2015-5271 2016-04-15 15h00 +00:00 The TripleO Heat templates (tripleo-heat-templates) do not properly order the Identity Service (keystone) before the OpenStack Object Storage (Swift) staticweb middleware in the swiftproxy pipeline when the staticweb middleware is enabled, which might allow remote attackers to obtain sensitive information from private containers via unspecified vectors.
7.5
Haute
CVE-2015-5303 2016-04-11 19h00 +00:00 The TripleO Heat templates (tripleo-heat-templates), when deployed via the commandline interface, allow remote attackers to spoof OpenStack Networking metadata requests by leveraging knowledge of the default value of the NeutronMetadataProxySharedSecret parameter.
7.5
Haute
Les informations affichées sur CVE Find proviennent de plusieurs sources de référence rigoureusement sélectionnées. Les données CVE sont fournies par MITRE Corporation et la National Vulnerability Database (NVD). Le catalogue des vulnérabilités activement exploitées (KEV) provient de la Cybersecurity and Infrastructure Security Agency (CISA), tandis que les scores EPSS sont issus de FIRST.org. Enfin, les données relatives aux faiblesses logicielles (CWE) et aux schémas d'attaque courants (CAPEC) sont maintenues par MITRE Corporation, et les informations sur les configurations logicielles et matérielles (CPE) proviennent du NVD.